Files Date: 2001-01-26

SuSE Security Announcement SuSE-SA:2001:01 - The runtime-linker as used in the SuSE distributions ignores the content of the critical environment variables, allowing local users to link against user-specified libraries and obtain the privilege level of a setuid binary. To eliminate these problems, we provide update packages that completely disregard the LD_* variables upon runtime-linking of a binary that has an effective uid different from the caller's userid.

Debian Security Advisory DSA-022-1 - Exmh v2.2 and below used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime and thus was vulnerable to a symlink attack.

iSSL is a library offering a minimal cryptographical API that uses the ciphers RSA and AES to establish SSL-alike, secure encrypted communications between two peers communicating through a network socket, including session key generation and public key exchange.

FreeBSD Security Advisory FreeBSD-SA-01:09 - Crontab contains a vulnerability which allows local users to read any file on the system which conforms to a valid cron syntax. This allows other users crontab files to be read, in addition to any file which has every line commented out.

TCT is a collection of tools which are geared towards gathering and analyzing forensic data UNIX system after a break-in. TCT features the grave-robber tool which captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. TCT is tested on Linux, BSD, Solaris, and SunOS. For more information see the handouts from Dan Farmer and Wietse Venema's computer forensics analysis class.

Changes: Fixes for the grave robber, added more switches, SunOS support added, and lots more misc fixes!

Pwdump3 combines the functionality of pwdump by Jeremy Allison and pwdump2 by Todd Sabin. It is capable of extracting the password hashes from a remote Windows NT 4.0 or 2000 box whether or not syskey has been installed. This is accomplished by injecting a process onto the remote system, extracting the hashes, then copying the hashes back to the local system. This is a useful tool for checking password strength.

Tcpbroker does TCP port forwarding with a twist - it connects two incoming sockets together. Tcpbroker allows you to telnet out from behind a firewall to another system also behind a firewall via a proxy host running the broker. All you need to do is remote command the far system to make the outgoing connection to the broker. Tcpbroker includes a secure authentication mechanism via Tiny SRP. A version without authentication is also included.